SHA256: 43c08aa85f354098a5b0480c7857525aaf7fea22344111231541a25a3a81a53a
File name: 2004.[33] launched and mailing 2010 to
Detection ratio: 49 / 62
Analysis date: 2017-06-28 20:21:31 UTC ( 3 weeks ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Strictor.108191 20170629
AegisLab Gen.Variant.Strictor!c 20170629
ALYac Gen:Variant.Strictor.108191 20170629
Antiy-AVL Trojan/Win32.TSGeneric 20170629
Arcabit Trojan.Strictor.D1A69F 20170629
Avira (no cloud) TR/AD.Bladabindi.jxpvo 20170628
AVware Trojan.Win32.Generic.pak!cobra 20170629
BitDefender Gen:Variant.Strictor.108191 20170629
CAT-QuickHeal Trojan.MSIL 20170628
ClamAV Win.Trojan.Generic-6305872-0 20170628
Comodo UnclassifiedMalware 20170629
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20170420
Cyren W32/MSIL_Injector.JT.gen!Eldorado 20170629
DrWeb Trojan.DownLoader24.64830 20170629
Emsisoft Gen:Variant.Strictor.108191 (B) 20170629
Endgame malicious (high confidence) 20170615
ESET-NOD32 a variant of MSIL/Injector.SLD 20170629
F-Prot W32/MSIL_Injector.JT.gen!Eldorado 20170629
F-Secure Gen:Variant.Strictor.108191 20170629
Fortinet MSIL/GenKryptik.ADBO!tr 20170629
GData Gen:Variant.Strictor.108191 20170629
Ikarus Trojan.MSIL.Krypt 20170628
Sophos ML heuristic 20170607
K7AntiVirus Trojan ( 0050c0ab1 ) 20170627
K7GW Trojan ( 0050c0ab1 ) 20170629
Kaspersky Trojan.MSIL.Agent.actqt 20170629
Malwarebytes Trojan.Injector 20170629
McAfee Trojan-FLSZ!188703127938 20170629
McAfee-GW-Edition Trojan-FLSZ!188703127938 20170629
Microsoft Trojan:Win32/Skeeyah.A!rfn 20170629
eScan Gen:Variant.Strictor.108191 20170629
NANO-Antivirus Trojan.Win32.Agent.eplezz 20170629
Palo Alto Networks (Known Signatures) generic.ml 20170629
Panda Trj/CI.A 20170628
Qihoo-360 Win32/Trojan.35a 20170629
Rising Trojan.FakeIcon!1.64A5 (cloud:glaXaB3QoWI) 20170629
SentinelOne (Static ML) static engine - malicious 20170516
Sophos AV Mal/Generic-S 20170629
Symantec Trojan.Gen.2 20170629
Tencent Msil.Trojan.Agent.Dzal 20170629
TrendMicro TROJ_GEN.R0ADC0PEQ17 20170629
TrendMicro-HouseCall TROJ_GEN.R0ADC0PEQ17 20170629
VBA32 Trojan.MSIL.Agent 20170628
VIPRE Trojan.Win32.Generic.pak!cobra 20170629
ViRobot Backdoor.Win32.Agent.2108416 20170629
Webroot W32.Gen.pak 20170629
Yandex Trojan.Agent!Kg/5XR4tQTA 20170628
Zillya Trojan.Agent.Win32.791134 20170628
ZoneAlarm by Check Point Trojan.MSIL.Agent.actqt 20170629
AhnLab-V3 20170628
Alibaba 20170629
Avast 20170629
AVG 20170629
Baidu 20170629
Bkav 20170628
CMC 20170629
Jiangmin 20170628
Kingsoft 20170629
nProtect 20170629
SUPERAntiSpyware 20170629
Symantec Mobile Insight 20170627
TheHacker 20170628
TotalDefense 20170629
Trustlook 20170629
WhiteArmor 20170627
Zoner 20170629
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © announced at Bomis was array Decline

Product 2004.[33] launched and mailing 2010 to
Original name 2004.[33] launched and mailing 2010 to
Internal name 2004.[33] launched and mailing 2010 to
File version 11.14.16.10
Description was of encouraged it Wikipedia, the
Comments contributors, to to was Wales by
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-04-22 12:25:53
Entry Point 0x002017CE
Number of sections 3
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 3
ENGLISH US 1
PE resources
ExifTool file metadata
LegalTrademarks
have coexisted announced (Spain) 2013 2001,

SubsystemVersion
4.0

Comments
contributors, to to was Wales by

LinkerVersion
11.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x0000

FileDescription
was of encouraged it Wikipedia, the

CharacterSet
Unicode

InitializedDataSize
12800

EntryPoint
0x2017ce

OriginalFileName
2004.[33] launched and mailing 2010 to

MIMEType
application/octet-stream

LegalCopyright
Copyright announced at Bomis was array Decline

FileVersion
11.14.16.10

TimeStamp
2017:04:22 13:25:53+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
2004.[33] launched and mailing 2010 to

ProductVersion
4.4.9.0

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Alto called 2013, editions. an and

CodeSize
2095104

ProductName
2004.[33] launched and mailing 2010 to

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
11.14.16.10

Compressed bundles
File identification
MD5 18870312793879d63259b5e29899c397
SHA1 5dfdfe2ae9a2440fac999cc22617c90220fe7746
SHA256 43c08aa85f354098a5b0480c7857525aaf7fea22344111231541a25a3a81a53a
ssdeep
24576:7JgnkG/PwftQQomXcSby/3VEmPi2cv5wnY/6qawJly4kQQko:9gnksYpeHqvwYyAe1Q

authentihash 228c82f9127fc895f2115f90b00d34da7480aa2832032ad7e33e9b13a57b63b3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 2.0 MB ( 2108416 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (82.9%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Tags
peexe assembly

VirusTotal metadata
First submission 2017-05-24 13:26:03 UTC ( 1 month, 3 weeks ago )
Last submission 2017-06-23 16:28:15 UTC ( 3 weeks, 6 days ago )
File names DOOMx64.exe
ViaFile.EXE
DOOMx64.exe
2004.[33] launched and mailing 2010 to
ViaFile.EXE
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
DNS requests
UDP communications